thehackernews.com Open in urlscan Pro
2606:4700:20::ac43:4615 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
Submission: On May 03 via api (May 3rd 2022, 8:27:14 am UTC) from US — Scanned from DE

Summary HTTP 53 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 14 domains to perform 53 HTTP transactions. The main IP is 2606:4700:20::ac43:4615, located in United States and belongs to CLOUDFLARENET, US. The main domain is thehackernews.com. The Cisco Umbrella rank of the primary domain is 249728.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 1st 2022. Valid for: a year.

This is the only time thehackernews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	2606:4700:20:... 2606:4700:20::ac43:4615	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:99f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
4	52.222.210.175 52.222.210.175	16509 (AMAZON-02) (AMAZON-02)
1	51.124.210.81 51.124.210.81	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	23.97.225.52 23.97.225.52	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223e:0:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
53	19

14 2606:4700:20::ac43:4615 (United States)

ASN13335 (CLOUDFLARENET, US)

thehackernews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:99f7 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.210.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-210-175.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.124.210.81 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aplogger.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.97.225.52 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

e3.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223e:0:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	thehackernews.com thehackernews.com — Cisco Umbrella Rank: 249728	315 KB
8	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 2344	86 KB
7	adpushup.com cdn.adpushup.com — Cisco Umbrella Rank: 12159 aplogger.adpushup.com — Cisco Umbrella Rank: 12927 e3.adpushup.com — Cisco Umbrella Rank: 15239	214 KB
4	gstatic.com fonts.gstatic.com	256 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 448 mug.criteo.com — Cisco Umbrella Rank: 1931	1 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 375	40 KB
4	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads.g.doubleclick.net — Cisco Umbrella Rank: 65	158 KB
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 119	165 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 111	4 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 574	2 KB
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1160	346 B
1	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1338	10 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 341	28 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 936	29 KB
53	14

	Domain	Requested by
14	thehackernews.com	thehackernews.com
8	fundingchoicesmessages.google.com	cdn.adpushup.com
4	fonts.gstatic.com	fonts.googleapis.com
4	c.amazon-adsystem.com	cdn.adpushup.com c.amazon-adsystem.com
3	e3.adpushup.com
3	securepubads.g.doubleclick.net	cdn.adpushup.com securepubads.g.doubleclick.net
3	cdn.adpushup.com	thehackernews.com cdn.adpushup.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	pagead2.googlesyndication.com	thehackernews.com pagead2.googlesyndication.com
1	fonts.googleapis.com
1	cdn.jsdelivr.net	cdn.adpushup.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	cdn.adpushup.com
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	aplogger.adpushup.com
1	cdnjs.cloudflare.com	thehackernews.com
1	code.jquery.com	cdn.adpushup.com
53	18

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feeds.feedburner.com
deals.thehackernews.com
thehackernews.tradepub.com
www.instagram.com
t.me
go.thn.li
www.trendmicro.com
nmap.org
www.cisa.gov
en.wikipedia.org
forum.avast.com
www.reddit.com
news.ycombinator.com
api.whatsapp.com
telegram.me

Subject Issuer	Validity	Valid
thehackernews.com Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-22` - `2022-06-21`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.adpushup.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-27` - `2022-08-29`	2 years	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-07`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
Frame ID: 81D73EFCCF849C52F04C64823B54011F
Requests: 58 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220428/r20190131/zrt_lookup.html
Frame ID: 2AF191DC4954E89611942C77C95B8B71
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

53
Requests

96 %
HTTPS

72 %
IPv6

14
Domains

18
Subdomains

19
IPs

4
Countries

1316 kB
Transfer

3148 kB
Size

5
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/thehackernews
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/thehackersnews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/thehackernews?sub_confirmation=1
Title: 

Search URL Search Domain Scan URL

URL: https://feeds.feedburner.com/TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/
Title:  Offers

Search URL Search Domain Scan URL

URL: https://thehackernews.tradepub.com/
Title: Free eBooks

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/free
Title: Freebies

Search URL Search Domain Scan URL

URL: https://www.instagram.com/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://t.me/joinchat/AAAAADwuDObFWF60CiR-HQ
Title:  Telegram Channel

Search URL Search Domain Scan URL

URL: https://go.thn.li/cs-feb-header

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Title: said

Search URL Search Domain Scan URL

URL: https://nmap.org/book/man-nse.html
Title: NSE script

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/uscert/ncas/current-activity/2022/03/22/fbi-and-fincen-release-advisory-avoslocker-ransomware
Title: advisory

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avoslocker
Title: shows

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/HTML_Application
Title: HTA

Search URL Search Domain Scan URL

URL: https://go.thn.li/crowdsec-tour-d

Search URL Search Domain Scan URL

URL: https://forum.avast.com/index.php?topic=283231.0
Title: resolved in June 2021

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2022%2F05%2Favoslocker-ransomware-variant-using-new.html
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2022%2F05%2Favoslocker-ransomware-variant-using-new.html&text=AvosLocker%20Ransomware%20Variant%20Using%20New%20Trick%20to%20Disable%20Antivirus%20Protection&via=TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2022%2F05%2Favoslocker-ransomware-variant-using-new.html
Title: 

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fthehackernews.com%2F2022%2F05%2Favoslocker-ransomware-variant-using-new.html
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fthehackernews.com%2F2022%2F05%2Favoslocker-ransomware-variant-using-new.html&t=AvosLocker%20Ransomware%20Variant%20Using%20New%20Trick%20to%20Disable%20Antivirus%20Protection
Title: Share on Hacker News

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=AvosLocker%20Ransomware%20Variant%20Using%20New%20Trick%20to%20Disable%20Antivirus%20Protection%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2022%2F05%2Favoslocker-ransomware-variant-using-new.html
Title: Share on WhatsApp

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https%3A%2F%2Fthehackernews.com%2F2022%2F05%2Favoslocker-ransomware-variant-using-new.html&text=AvosLocker%20Ransomware%20Variant%20Using%20New%20Trick%20to%20Disable%20Antivirus%20Protection
Title: Share on Telegram

Search URL Search Domain Scan URL

URL: https://go.thn.li/THNLite

Search URL Search Domain Scan URL

URL: https://go.thn.li/scw-q2

Search URL Search Domain Scan URL

URL: https://go.thn.li/native-q2-1
Title: Make software security a priority in 2022Learn more about how security-aware developers represent a vast and largely untapped resource that can support cyber defenses.

Search URL Search Domain Scan URL

URL: https://go.thn.li/native-q2-2
Title: Uncover the secure developer inside every coderEmpower developers to deliver secure coding that is intrinsic to their daily process.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-a-to-z-cyber-security-it-certification-training-bundle
Title: <img alt='Learn Ethical Hacking Online' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiI35PZGxaHZD68Ea5xegPuLeSWEhyoS4eYqzEECWzt64wQRQ7MCPbeGR4qIhBAGbt1XdJ6USs2yeFxr0bqF3mtE9Is_pMyL9cSPtiJtbRAxj3lLfSGBcNqegKYr63rMaD8uJtLT8mHEk4EAaq-AUAxDkfdf42CZfEHUtv_M928jHKaXI2EpWSb-0ti9A/s260-e100/hack.jpg'/> A to Z Cybersecurity Certification Training Get Paid to Hack Computer Networks When You Become a Certified Ethical Hacker.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/comptia-campus-premium-1-year-subscription
Title: <img alt='CompTIA Campus Premium' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgCP8LsHMCGJ66Sw30XA6l8p0tga-FYZWWXB8yocCCp12NHG1f0ovIFBY5RjuRuiExwLNq8RrXKHLyL5bFXjBb8QUPfLlRKO5bGWKYBcmNM1qUYVAik8mXDEw5gW3jc8tkV8z18vbKFDWb9hnXuPnQINmyfPCn_TAp9v_KHdzVwjfgzTBy-sPkglYelYg/s260-e100/comptia.jpg'/> CompTIA Campus Premium One-Stop-Shop for All CompTIA Certifications! Get 1-Yr Access to Courses, Live Hands-On Labs, Practice Exams and Updated Content

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/ultimate-network-and-security-course-bundle
Title: <img alt='Ethical Hacking' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEimmKZ26nPjNl2ZjmIlqVtP9X1SaF-1z_fMwY1oRIFZVKV8k9SXIxpo5tWyLQkQ79I4hXOhE3fe5H5SgoANx2zIC6PeOeh-wFumVXXq8GtMF-AhCLTI8TlQ5MEBV9UZAs4mfxcgKn_ZaynBDg3JwJK3dCFewhjYJx3Hd2TK_w8r-lirYQj8yeTWnPyYIA/s260-e100/hacking.jpg'/> Network, Security and Ethical Hacking Your 28-Hour Roadmap as an Ultimate Security Professional — Master Network Monitoring, PenTesting, and Routing Techniques and Vulnerabilities

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-complete-2022-linux-certification-training-bundle
Title: <img alt='Linux Certification Courses' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhtIq4lKc2RybeE8fg8x1hvFqh2nr1cx6Hy0sQaXshQQ1CjwhceehW_AWliIuIzdpv8niYskXwOh4SmHiT5n_eE-ngP90BcTwZMzJClByVrQdc1ZhfQREek1l4sx7_bFDZgEqc1gFjYKxSOVD5KToTX8UMTyVH9_CPQejpwEzizqO4MUisPIS76OsJnxA/s260-e100/linux.jpg'/> Complete Linux Certification Training Know Your Way Around Networks and Client-Server Linux Systems — Techniques, Command Line, Shell Scripting, and More

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/citizengoods-exclusives
Title: Exclusives

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/hacking
Title: Hacking

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-specialization-developer
Title: Development

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-interest-android
Title: Android

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=Y1j6UXxYMUJ0MXNRQlhlOG55VGtUOWF3TU95Skc0OU5FU3IrSjAwWnRaN0M0QXhrK3JieGFhVkZ4TXVWWGZOeW1rTGpPN0hUbWhFdERNTE9iR1QvVHBiMGJBUnFvUVl2bm5qWmtKZ3o2SmJvWnBiRHBMYzk0T0pxRms4cjBhaGZLc3R0V0NJRWpYdjFZTjZqZ09jeG91SWtFQVdidHh1VXNQZzArc01zSlFyYzZlRy9HNW10MllHOFRWMDF1QWhOUjdhcjQ0bDc4VjhGZWxDU3I2NWZFbWlCdHlSbWtBalA1Z3FSUmxOMEpGSFNHYVYwb21iTGQyZ25oZGFobjdrOXNSdVNGfA&cppv=2

53 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request avoslocker-ransomware-variant-using-new.html Show response
thehackernews.com/2022/05/ 150 KB
71 KB 167ms
110ms Document
text/html 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordPress VIP

Resource Hash

a80d0deb7261670ebb8132f4bfdf3f4efae3f6071cbb663c322ccdfcf769557f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 143
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, s-maxage=604800, max-age=0
cf-cache-status: HIT
cf-ray: 70579da33a50900d-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 03 May 2022 08:27:08 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Tue, 03 May 2022 08:24:44 GMT
last-modified: Tue, 03 May 2022 05:51:32 GMT
link: </css/roboto.css>; as=style; rel=preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcNO%2BVS6B9g8ZDar7%2Fks9Eb0N%2FMA40jUI8TkOexv7kgDhnFBMM0c2ktP4lcTEa%2Fs2UL8wzIlLs8xZvsBi9m%2Bi%2BMU0V%2BdYKSejodvn%2Bdw61n0rEyVWAG2QE6OYeshPho7dFqMvtnoklwZCBz6EU98"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-forwarded-for: 2001:1b60:1010:2:1011:8644:a496:999
x-frame-options: DENY
x-powered-by: WordPress VIP
x-xss-protection: 1; mode=block

GET
H2 200 roboto.css
thehackernews.com/css/ 77 KB
57 KB 40ms
38ms Stylesheet
text/css 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/css/roboto.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:08 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ptJrqo2cYb9SmEBe2lALtT05Uilt%2BYwuIKhBsu1i0NVQs0RVj91BF%2Bvfh23kZvVNhXtHXa%2FaCF4bQVvVGEB4y6FDBeWxlnMzHpPQ6kLyNQgAqn2KMGzXKULftcUYXI%2BxYRF1Xit0rkn0fmTc7fk"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, immutable, s-maxage=8640000
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 70579da40b6c900d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 antimalware.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgX0lKnx5WdFoF_k4rJiFXzL8S6T7QacBw6YLYV-c3wmeack_LrSDflJj-tCiHWWDyuhvCRxff3JxsdWuCd7lCtomS2C0Mirl6h9_PazDFxXRjF9KAahOXfOCaW__Mzb9ltwXwFD0R-03BqrPy0D... 44 KB
45 KB 45ms
45ms Image
image/jpeg 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgX0lKnx5WdFoF_k4rJiFXzL8S6T7QacBw6YLYV-c3wmeack_LrSDflJj-tCiHWWDyuhvCRxff3JxsdWuCd7lCtomS2C0Mirl6h9_PazDFxXRjF9KAahOXfOCaW__Mzb9ltwXwFD0R-03BqrPy0D9gDWD-BXQOCmQdlraj-A-gPB1bJVOdRop98x2to/s728-e1000/antimalware.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67ed095adc8c503eb73d3ba0c2c8ee76016ce92aca956d133f6ce8ccdc772790

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9365
cf-polished: origSize=50450, status=webp_bigger
x-forwarded-for: 5.9.120.199
content-disposition: inline;filename="antimalware.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45266
x-xss-protection: 0
expires: Mon, 27 Jan 2025 05:51:03 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v1902"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AcSy6rZR7iCpbtgeaAwYkcxt1AL6aD3qAKAaYds4hcF98eiv9QxUcryzVVAatpKrok8VviVnWl6RHIk5KqrTjinueAIb%2FaRn29j7UNSj7DTTa1mJ%2BGvFUSqzAm2yZmZPxzGdWf5OaxElZJetrD45"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579da44b9d909a-FRA
access-control-expose-headers: Content-Length

GET
H3 200 rocket-loader.min.js Show response
thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 26ms
26ms Script
application/javascript 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
last-modified: Fri, 29 Apr 2022 13:06:56 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"626be2f0-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9h4ade6tlCRa1hXOs4nz4ZmAFKAZa0nmCc2VvkFAJJkYnHpjyAzyneY2k3Sx%2FT4nK46SMexZ1XPSaG0R5Iz%2FH5USUFzEsgtLwSZf%2BR3qvTkkBulr6LbDpEM4vpFiD%2FVJS9kcd%2F%2FzIsH2UN3w3%2FQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 70579da44b9e909a-FRA
expires: Thu, 05 May 2022 08:27:08 GMT

GET
H2 200 adpushup.js Show response
cdn.adpushup.com/37020/ 440 KB
118 KB 94ms
48ms Script
application/javascript 2606:4700:4400::ac40:99f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/37020/adpushup.js
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:99f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14bad6303b408069031c463d959b8a16cd25645a4bdbcf7146391b871e3e3a83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 21 Apr 2022 14:33:50 GMT
server: cloudflare
age: 401561
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
x-cf-geodata: AT
cf-ray: 70579da4aaf49966-FRA
expires: Wed, 04 May 2022 08:27:08 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a

Request headers

Referer
Origin: https://thehackernews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 28 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 982d419a646ee8233580681b4347dbe0c9e889871ba885b9a8030008e84dd4d7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 103 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 s.js Show response
thehackernews.com/cdn-cgi/zaraz/ 4 KB
2 KB 102ms
102ms Script
text/javascript 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyQXZvc0xvY2tlciUyMFJhbnNvbXdhcmUlMjBWYXJpYW50JTIwVXNpbmclMjBOZXclMjBUcmljayUyMHRvJTIwRGlzYWJsZSUyMEFudGl2aXJ1cyUyMFByb3RlY3Rpb24lMjIlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnRoZWhhY2tlcm5ld3MuY29tJTJGMjAyMiUyRjA1JTJGYXZvc2xvY2tlci1yYW5zb213YXJlLXZhcmlhbnQtdXNpbmctbmV3Lmh0bWwlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc3fe5069ab4b1668c87829522f3631771df5fa7de5e086dcf32b89066077042

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:08 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, HEAD, POST, OPTIONS
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2B%2B9%2BV%2Fi%2F6Sd03EEIf4lm5mLuQSDAIOKsAq6Pizy5lA45JPqyQL0uiVTnXbsDlfHjJ2jYaBhxs5v5HLRvdzlZyWse3zrssyQbXVCvVso%2BqL7BMlD%2Bm02aMefculA%2BNGhFVIs%2BoYzNn%2B106zN4Kly"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: https://thehackernews.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
cf-ray: 70579da49c03909a-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control

GET
DATA 200
OK truncated
/ 194 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 AVvXsEiN2CRfA_ceqxVqUhWgQghksIlR--dFXivRiP_Zg-Imyju-DxkJsRqAwMZTHptnxs57fD9WZmF-r0rSMTTmTsDQxuSSveVz3PCX_3vRCCJfInCb6CwrA7DzHnLFlcTMEcG5unhBWOA42n8TdYPH4Zbev3is3ygxwbqRjajda3u7AchyDh0rSt5_WqXjyQ
thehackernews.com/new-images/img/a/ 14 KB
15 KB 46ms
45ms Image
image/jpeg 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/a/AVvXsEiN2CRfA_ceqxVqUhWgQghksIlR--dFXivRiP_Zg-Imyju-DxkJsRqAwMZTHptnxs57fD9WZmF-r0rSMTTmTsDQxuSSveVz3PCX_3vRCCJfInCb6CwrA7DzHnLFlcTMEcG5unhBWOA42n8TdYPH4Zbev3is3ygxwbqRjajda3u7AchyDh0rSt5_WqXjyQ

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13f1878fabdff05f47a87ea13c69587873e49579185df0fa40a3fe150b59600b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14131
cf-polished: origSize=14792, status=webp_bigger
x-forwarded-for: 165.225.73.40
content-disposition: inline;filename="hacking.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14660
x-xss-protection: 0
expires: Wed, 04 May 2022 04:31:37 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve30c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUDFsN%2FHKGhhPIStMV0JBbRkYEThpzDuHPxOHWsfx1yptGUB%2FuK98nyPvfP8uyXDk20IF4%2FMqjlrS%2FSlNdKvhbwwbusbqFd8aTqYuTMUBolbe%2FYSSG5hmtm5Mb9JWjnn2TPY%2FRd%2BIfT4SrLdmamr"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579da4bc2e909a-FRA
access-control-expose-headers: Content-Length

GET
H3 200 linux-1.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhG_jhh9hiswd2AzsR0aCo4MuEub8YtwWhf1ShIH_fynCfsJrWmtt2F85IXLzhTGtMEUD27Op_s2CnLgthjsCDhzTZWerBz5aaATkEYPH4sohkYbIUlb4DAGeEH1EF2H5_bIoqCvljCcU39hjYuY... 3 KB
3 KB 47ms
47ms Image
image/jpeg 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhG_jhh9hiswd2AzsR0aCo4MuEub8YtwWhf1ShIH_fynCfsJrWmtt2F85IXLzhTGtMEUD27Op_s2CnLgthjsCDhzTZWerBz5aaATkEYPH4sohkYbIUlb4DAGeEH1EF2H5_bIoqCvljCcU39hjYuYJuiErrVsn1WgPwMyHpOL9ZNHNy6jRL_HeTPxG_P/w72-h72-p-k-no-nu/linux-1.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3410135bfdb9641bb550b1acfa8a3c22b6869acb13ca264de90d916a2f869de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13923
cf-polished: origSize=2644, status=webp_bigger
x-forwarded-for: 164.92.164.141
content-disposition: inline;filename="linux-1.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2620
x-xss-protection: 0
expires: Wed, 04 May 2022 04:35:05 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v18ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XYltbHWTyOdi9IxrpgXop1eSnzxGts6m4%2Bc0ep5Q73PFGhDjb88ksleHhsyGOD5%2FdPo6EaljitgW50Oj8xEB7K4Kg%2BTrhes6QBerCT0lwehDTdbxwgb2aGX732ulJTXlzrNyDLB1oNgEEz9xXUA5"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579da4bc32909a-FRA
access-control-expose-headers: Content-Length

GET
H3 200 ddos.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgcC7bVz08G_po9wLVwQl5KQ_Z8LS6B8kHmP4Hr6VsEXJD6wJFl836zBKxmNbzCGwfZe5PLSzaqOSw_kjK-P7Cf7WzCjX8mEQqSVvrkU28sMKbCqKlL0EyCVZHdB13681xVrFDAiObn2WgPWy63O... 1 KB
2 KB 58ms
58ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgcC7bVz08G_po9wLVwQl5KQ_Z8LS6B8kHmP4Hr6VsEXJD6wJFl836zBKxmNbzCGwfZe5PLSzaqOSw_kjK-P7Cf7WzCjX8mEQqSVvrkU28sMKbCqKlL0EyCVZHdB13681xVrFDAiObn2WgPWy63O1t71DBUunbZk7JBXTQxAaxXCXcKuQAwId2gZIqG/w72-h72-p-k-no-nu/ddos.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34e30ea0ea7173d22b74606721cabad823eeed1fce47ea513d226d08863df02e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13923
cf-polished: origFmt=jpeg, origSize=1464
x-forwarded-for: 164.92.164.141
content-disposition: inline; filename="ddos.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1388
x-xss-protection: 0
expires: Wed, 04 May 2022 04:35:05 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v18c5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pOXpIx29kOHi7f8YLKaGkLwzF8CIZnsMJ%2FhIzsHFuBXAy4nYOIxNVByXTQ0aAt3qLNC%2FkClT%2BO9pbj6HwzGG%2FrNANktbl%2F7ye%2FTzcLtR6CKL%2FuSibgzqpeQHSA3%2FeqJPrpUvDTi3o4Pk9%2Bx9qT%2Fa"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579da4bc38909a-FRA
access-control-expose-headers: Content-Length

GET
H2 200 jquery-2.2.2.min.js Show response
code.jquery.com/ 84 KB
29 KB 78ms
29ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.2.min.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-14e98"
vary: Accept-Encoding
x-hw: 1651566429.dop053.fr8.t,1651566429.cds279.fr8.hn,1651566429.cds253.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29880

GET
H3 200 cyberwar.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgyKqUtSim4QXqY4S2G6dXRACwBnVZyyVJzR3PlGZPhBWAqhSeypbXkl5jOtXUcsmKtIx8Wvm9jyeQ9pgqwVuHGVzMJR9tu5EnqwnyFypacucb72GS2QKny9F1b-f2mvybKIkU5Il8a1cN_q_bg3... 4 KB
4 KB 43ms
42ms Image
image/jpeg 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgyKqUtSim4QXqY4S2G6dXRACwBnVZyyVJzR3PlGZPhBWAqhSeypbXkl5jOtXUcsmKtIx8Wvm9jyeQ9pgqwVuHGVzMJR9tu5EnqwnyFypacucb72GS2QKny9F1b-f2mvybKIkU5Il8a1cN_q_bg3TfMtCTjukE9lUftSpfi3LLhI2w0-FVoLzryx-9u/w72-h72-p-k-no-nu/cyberwar.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d99c0a1f45effed75ec4bc8efdbf0df38dc1b3824a2d9d033736410e1d423a44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14650
cf-polished: origSize=3760, status=webp_bigger
x-forwarded-for: 45.12.24.27
content-disposition: inline;filename="cyberwar.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3759
x-xss-protection: 0
expires: Wed, 04 May 2022 04:22:59 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v18e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n0Olkxy90g4KFS9bdw73Cp5AG1EFoR63qBdNXbr53jMpVn95DYFzcqr%2FkpQeapuU6dOrS6L3JaRYuQVTBV24CBnP81ERUWOmVPPn54VdotwWJ5rAtdc71TwKliY4A8oRK1iANH4lBxEJYmrns4TZ"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579da59d25909a-FRA
access-control-expose-headers: Content-Length

GET
H3 200 DB05CD8F-9B7C-4141-AC76-A9C20C649F86.jpeg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjaJr7O3E6PDr1oJSN74q6l-289tOjMkD_Nfgj-HDt0L3yP03KUo1DSIzXWgFgfSlpb3uVymHeDTI8GbZ096k7EPoBRz2BM7IXmnsf7tPl5hlnFYexr4BF-DpyXkDH5f2TcXKtCq2ycEiiFAWbOU... 4 KB
5 KB 37ms
36ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjaJr7O3E6PDr1oJSN74q6l-289tOjMkD_Nfgj-HDt0L3yP03KUo1DSIzXWgFgfSlpb3uVymHeDTI8GbZ096k7EPoBRz2BM7IXmnsf7tPl5hlnFYexr4BF-DpyXkDH5f2TcXKtCq2ycEiiFAWbOUqiVPLbm4mjXlstMcMoP7WnTLJY5fGCoU-hJIFtA/w72-h72-p-k-no-nu/DB05CD8F-9B7C-4141-AC76-A9C20C649F86.jpeg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c991c17b9488f187e5d24db3bda532715a71bc74026a44efe1fcb59eeaf0d2c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13924
cf-polished: origFmt=jpeg, origSize=4982
x-forwarded-for: 164.92.164.141
content-disposition: inline; filename="DB05CD8F-9B7C-4141-AC76-A9C20C649F86.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4094
x-xss-protection: 0
expires: Wed, 04 May 2022 04:35:05 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v1888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Do0YRRlpHCcba2wcaWNa20VWVsdgq8%2Fcbi%2FhsZTK101E7Ih3drII25bK4oTWETJBBC4S1pU11zf5GX7EyAFccXqC%2B0Pv8PkuMEuRqfgP26GAUzCwxj6dnHrS%2FU8B11eTkhZGMXgChpULlm%2Fxmd8Y"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579da59d26909a-FRA
access-control-expose-headers: Content-Length

GET
H3 200 azure.gif
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg_B9_jK9eIoOK_9EK6eAmTTn5rzwQd3l847C-9M7BMrt3QGfmHJpTJGuq8UNtYJSl6huMJTlBiCGNMOJtthHtXrHtGLU45bnty2XQcj0JpajeFqWOVJ8Jin5hlLf8ziYsTSv2sNInOPOXLHA732... 820 B
2 KB 44ms
44ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg_B9_jK9eIoOK_9EK6eAmTTn5rzwQd3l847C-9M7BMrt3QGfmHJpTJGuq8UNtYJSl6huMJTlBiCGNMOJtthHtXrHtGLU45bnty2XQcj0JpajeFqWOVJ8Jin5hlLf8ziYsTSv2sNInOPOXLHA732NC7us5gRSCAihcdkOV73t37ZTANDbiSXnmHjmLh/w72-h72-p-k-no-nu/azure.gif

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

976923d90016cb34d72690198dd87a33a3344e07c3d7aea413356b01cab31ccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16206
cf-polished: origFmt=gif, origSize=1630
x-forwarded-for: 2a01:4f8:210:341c:1234:1234:3fbd:1
content-disposition: inline; filename="azure.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 820
x-xss-protection: 0
expires: Wed, 04 May 2022 03:57:03 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v18de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WbC8qckSUPZVnzq187yFxCW1Hi%2FrYkA33MnqEWI2B%2BvfHcfL54ybe8ZG9j4ppKo47o3JBg1%2FOXLIkACvaP4hC09U%2BxTg4RgGIuXgdu3FNxDOFMpSFt6NPJAPdQRSAahdF93%2BuJvHuIVRc7HSjKIT"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579da59d27909a-FRA
access-control-expose-headers: Content-Length

GET
H3 200 TA410.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiYAYM0sUuv7LR7iDFaTtU0nR6zXcO2QhMAt8G9GCUnWHJtuwjAYvPFLOCWlTk9eN1_W2NVoIk0SDHLLWtHWILJ1zHpJJ5WDD4n-crU75MkBvzMjWtGQuSyK7KB1KFdKyUS-JRWQUgMkqpPqSWtE... 3 KB
4 KB 42ms
41ms Image
image/jpeg 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiYAYM0sUuv7LR7iDFaTtU0nR6zXcO2QhMAt8G9GCUnWHJtuwjAYvPFLOCWlTk9eN1_W2NVoIk0SDHLLWtHWILJ1zHpJJ5WDD4n-crU75MkBvzMjWtGQuSyK7KB1KFdKyUS-JRWQUgMkqpPqSWtE6z7Lb-jnbiFSlPa5e9UQ_lX-Yfd6mmPKJkI9tVi/w72-h72-p-k-no-nu/TA410.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15e22ed60f494e473c8c8df804157465b9a7606101b2d36aa2ef750d2b12c707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14650
cf-polished: status=not_needed
x-forwarded-for: 45.12.24.27
content-disposition: inline;filename="TA410.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3131
x-xss-protection: 0
expires: Wed, 04 May 2022 04:22:59 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v18da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qEDJIxqcivQZKyTh6mkKPPFWrmlBWks91nDvNdxl%2BF9vL3oXzOsvOfZNYlgUFjGwvt6evyp8U5T7063c%2BUFP5XW0O403Pj6sxN2ecV5XD2XCxOnX5%2BgwdFOJBe0rYdIsy%2BRwB7t8rWAwOtLBxfJh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579da59d28909a-FRA
access-control-expose-headers: Content-Length

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 94ms
27ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 335222
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TG19t9v1hwL4nz74NoAVZ2wPYN2mY4u%2BPcWW0Dbp0KOX%2Fv96GEMwp6yBBhH5jXF1wO36WQLWp0KdnmC03i7ltBMqFtVXaJjddoVpIiLjMNShhzW%2B6%2B2eA0ppfqjGG%2FUgHZZbqrIlIDC%2F7s5VdMBHPm86"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 70579da66ca1905b-FRA
expires: Sun, 23 Apr 2023 08:27:09 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 161 KB
55 KB 112ms
46ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3125bf0377e63d9fed7cca67e15bb46973fbb2b970353a5f23bd0676c247ab34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56186
x-xss-protection: 0
server: cafe
etag: 15958379413354961086
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 03 May 2022 08:27:09 GMT

GET
H2 200 pb.37020.1631637442652.js Show response
cdn.adpushup.com/prebid/ 314 KB
95 KB 44ms
43ms Script
application/javascript 2606:4700:4400::ac40:99f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/prebid/pb.37020.1631637442652.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:99f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6285dce6b9fb557bd0c15683c62f9be0f2e0b760086854b59c952791ba9e8ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Sep 2021 16:38:00 GMT
server: cloudflare
age: 3968664
etag: W/"6140cfe8-4e812"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 70579da60dac9966-FRA
expires: Wed, 03 May 2023 08:27:09 GMT

GET
BLOB 200
OK 6abda146-b242-44d2-8c9a-57b47489332c
https://thehackernews.com/ 4 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://thehackernews.com/6abda146-b242-44d2-8c9a-57b47489332c
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41f36457d5ec5bd7d115c29bea53e0d1ff77de7418837ef39e897f3b7d497e8a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Length: 3743

GET
H2 200 quantcast.js Show response
cdn.adpushup.com/pbuseridscripts/ 450 B
347 B 29ms
29ms Script
application/javascript 2606:4700:4400::ac40:99f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:99f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 28 Jun 2021 04:15:23 GMT
server: cloudflare
age: 5523814
etag: W/"60d94cdb-1c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 70579da6ef529966-FRA
expires: Wed, 03 May 2023 08:27:09 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
28 KB 100ms
48ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

993bfa65bf339a219338e2e8bb37950b8fa1e0b6a59a9d98fcb58dcd548b3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28407
x-xss-protection: 0
server: sffe
etag: "1203 / 837 of 1000 / last-modified: 1651529174"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 03 May 2022 08:27:09 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 135 KB
37 KB 69ms
24ms Script
application/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:14:32 GMT
content-encoding: gzip
age: 756
x-cache: Hit from cloudfront
timing-allow-origin: *
server: Server
x-amz-rid: 07HZMNDWAD85NTSND1VM
etag: 4abd427e43cd6822329a2c05539e321f
vary: Accept-Encoding
x-amz-version-id: 6RTeJ.t3xDSJXjTxhAMtPfr9IcIsozAE
via: 1.1 7abd55cee48606340f570b45718202b6.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 6csZRC7O6LZFIGKLc5yN0YllWNx9FnVPjLDhkVpXs-MSVjw3lxzRJw==

GET
H/1.1 204
No Content log
aplogger.adpushup.com/ 0
119 B 98ms
31ms Image
text/plain 51.124.210.81
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aplogger.adpushup.com/log?pxRes=false&event=PPID_ANALYTICS_C1&data=eyJ1c2VySWQiOm51bGwsInNlc3Npb25JZCI6bnVsbCwicHBpZEFwcGxpY2FibGUiOiJNaXNzaW5nIiwic2l0ZUlkIjozNzAyMH0%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.124.210.81 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 03 May 2022 08:27:09 GMT
Server: nginx/1.14.0 (Ubuntu)

GET
H2 200 sync
e3.adpushup.com/AdPushupFeedbackWebService/user/ 70 B
320 B 91ms
29ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/user/sync
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 May 2022 08:27:08 GMT
ap-cookie-status: cookies ap_uid and ap_usid not set due to GDPR
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204270101/ 308 KB
110 KB 97ms
50ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7983783048239650&plah=thehackernews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf4a2aff574ee0307e42499c86d7f267e6b25db893e77e79329b042f9f16d87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112664
x-xss-protection: 0
server: cafe
etag: 8982436967942121892
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 03 May 2022 08:27:09 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220428/r20190131/ Frame 2AF1 10 KB
5 KB 73ms
22ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220428/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7339fe12f332ac7ecd6e0ef04bb7a48fad9e74be887d67f458548ff33ea4db65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 31471
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4404
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 02 May 2022 23:42:38 GMT
etag: 3347421328414474149
expires: Mon, 16 May 2022 23:42:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxWGtL7zuZ1y1IcNdDu97XV3A1nSFYlAxzUsMF11iBnZwCEpDsaZDLJvauA2_Cx3VImW-PkAxWSsA1Yld5y1tqA= Show response
fundingchoicesmessages.google.com/f/ 91 KB
33 KB 115ms
63ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWGtL7zuZ1y1IcNdDu97XV3A1nSFYlAxzUsMF11iBnZwCEpDsaZDLJvauA2_Cx3VImW-PkAxWSsA1Yld5y1tqA=

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

475eec7f9197ce6aa2e7921122d5b97bde381cf90cc8626360f3d1c490ed1bbe

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OFkt0hQkXDtDt0m0dciPTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-OFkt0hQkXDtDt0m0dciPTg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: script-src 'report-sample' 'nonce-OFkt0hQkXDtDt0m0dciPTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-OFkt0hQkXDtDt0m0dciPTg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
date: Tue, 03 May 2022 08:27:09 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 75ms
29ms Script
application/javascript 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Tue, 10 May 2022 08:27:09 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
310 B 22ms
21ms XHR
text/plain 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthehackernews.com&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 05:56:22 GMT
via: 1.1 7abd55cee48606340f570b45718202b6.cloudfront.net (CloudFront)
server: Server
age: 9046
x-cache: Hit from cloudfront
access-control-allow-origin: https://thehackernews.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: MyslLMsIni2KTapnJIWpQmI2UX2T5t6hiTDvuwnOoWcy84tHI9QiMQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 69ms
23ms XHR
application/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id: aaJeHz3g2a7aWr9hYquBq.aDaObnNoK3
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 15028
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 28 Apr 2022 01:41:20 GMT
server: AmazonS3
date: Tue, 03 May 2022 04:16:42 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 9e1b24b39ac8b669f996f1e7907eb696.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: gSBzU4Qo-xjtp1IMPGAfa1offsuDAz63jy8ioEChGIjlVMnshD21fA==

GET
H3 200 pubads_impl_2022042801.js Show response
securepubads.g.doubleclick.net/gpt/ 367 KB
125 KB 65ms
21ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

0b8a17793a0291b59ff3b8553ec9fe1d3cccc8cf1b482a408184d3a2f4d1405f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 07:52:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2096
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127788
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 08:38:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 03 May 2023 07:52:13 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 164 B
138 B 75ms
31ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=thehackernews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

019d22d3e70ec460a085db138f131a9d77cb25175dd7eecb155305c270ed221c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
expires: Tue, 03 May 2022 08:27:09 GMT

GET
H2 200 rules-p-54Nt-1NAaEEe0.js Show response
rules.quantcount.com/ 2 B
346 B 69ms
22ms Script
application/javascript 2600:9000:223e:0:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:0:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:02:44 GMT
via: 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront)
server: AmazonS3
age: 1465
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P4
content-length: 2
x-amz-cf-id: mdr5UhDTycOZknlj9y-G9pkzrkPJ4BDD7OHRufdst6X8IqhRZNXhxQ==

POST
H3 204 AGSKWxVKu11gtlImYZmCi4uVmasIO0a8eHnYRI5PNfnB1XODf7KYWOAG-B3gK0LEkqBwmJo3T1NWh-t0z3xtJiGA9hCwQyPsTgsoZ8RgVRzVnnIFEJlfu5mc4lQPdFYkZ1jtgFcibGVV-__BSsI9oMLJxawIWPVM53RCjbGVOmnaVvZPVRiPFZkETMf_M8t2 Show response
fundingchoicesmessages.google.com/el/ 0
29 B 124ms
75ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVKu11gtlImYZmCi4uVmasIO0a8eHnYRI5PNfnB1XODf7KYWOAG-B3gK0LEkqBwmJo3T1NWh-t0z3xtJiGA9hCwQyPsTgsoZ8RgVRzVnnIFEJlfu5mc4lQPdFYkZ1jtgFcibGVV-__BSsI9oMLJxawIWPVM53RCjbGVOmnaVvZPVRiPFZkETMf_M8t2

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.7Mt0oNJ9F88.es5.O/d=1/rs=AJlcJMyI1kHKGG46MNRqUtuj4v_dSai9vw/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-lAonT2aY3MInYiH9XDhiRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-lAonT2aY3MInYiH9XDhiRA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://thehackernews.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-lAonT2aY3MInYiH9XDhiRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-lAonT2aY3MInYiH9XDhiRA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVKu11gtlImYZmCi4uVmasIO0a8eHnYRI5PNfnB1XODf7KYWOAG-B3gK0LEkqBwmJo3T1NWh-t0z3xtJiGA9hCwQyPsTgsoZ8RgVRzVnnIFEJlfu5mc4lQPdFYkZ1jtgFcibGVV-__BSsI9oMLJxawIWPVM53RCjbGVOmnaVvZPVRiPFZkETMf_M8t2 Show response
fundingchoicesmessages.google.com/el/ 0
29 B 86ms
38ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vJYU1dzcRlZLYYpm0DfUYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-vJYU1dzcRlZLYYpm0DfUYA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://thehackernews.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-vJYU1dzcRlZLYYpm0DfUYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-vJYU1dzcRlZLYYpm0DfUYA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
131 B 29ms
29ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE2NTE1NjY0Mjk0NTEsInBhY2tldElkIjoiMDAwMDkwOUMtOTdkMTYyOTItY2I0Ny00NTM0LWI5MTgtOWRmODI1NzIxZDY3Iiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA1L2F2b3Nsb2NrZXItcmFuc29td2FyZS12YXJpYW50LXVzaW5nLW5ldy5odG1sIiwibW9kZSI6MiwiZXJyb3JDb2RlIjo3LCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpudWxsfQ%3D%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 May 2022 08:27:09 GMT
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

POST
H3 204 AGSKWxUUX5ZecTBYuMMvcwM5Cw8sYg17Y8zXeTqzT2T-lfKtcAVi6nq1hTwGC7377CECt_ZgTcYw9s1oBS0x2Y40mi7wa23XTqg-Xz9NfmqGYhlp3c8npprzkZrpQeVB3s80_jOrpoC9DiFIHNDTgMadKr_2fimQl6Me9fWcsEup7HsSpPe_xwlOWjvmp7UL Show response
fundingchoicesmessages.google.com/el/ 0
28 B 98ms
74ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUUX5ZecTBYuMMvcwM5Cw8sYg17Y8zXeTqzT2T-lfKtcAVi6nq1hTwGC7377CECt_ZgTcYw9s1oBS0x2Y40mi7wa23XTqg-Xz9NfmqGYhlp3c8npprzkZrpQeVB3s80_jOrpoC9DiFIHNDTgMadKr_2fimQl6Me9fWcsEup7HsSpPe_xwlOWjvmp7UL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-2/ZQdlpOauAjBUeH2q396Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-2/ZQdlpOauAjBUeH2q396Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://thehackernews.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-2/ZQdlpOauAjBUeH2q396Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-2/ZQdlpOauAjBUeH2q396Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWRWiBuCUN6cpWEIZYvgqBkRyudCqkMtpXXGpMo14gJc9D9UqHrkb1h_SFBK1XOvIg0-XPxRMU0Ex9Oqy9qXMyyr6VWEPA3xMwkm_NGjV4JP-cI24GueTivbo7CMfzLj0iI-jplI-lD2n6Oxs0h_yrxMZt9dOFlqDjQ8HQnyTuqGFH_OYMVlXqiYyMd Show response
fundingchoicesmessages.google.com/f/ 258 KB
53 KB 128ms
81ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWRWiBuCUN6cpWEIZYvgqBkRyudCqkMtpXXGpMo14gJc9D9UqHrkb1h_SFBK1XOvIg0-XPxRMU0Ex9Oqy9qXMyyr6VWEPA3xMwkm_NGjV4JP-cI24GueTivbo7CMfzLj0iI-jplI-lD2n6Oxs0h_yrxMZt9dOFlqDjQ8HQnyTuqGFH_OYMVlXqiYyMd?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjUxNTY2NDI5LDQ3ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA1L2F2b3Nsb2NrZXItcmFuc29td2FyZS12YXJpYW50LXVzaW5nLW5ldy5odG1sIixudWxsLFtdXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b64123526da963fbec0f7acc2f7fb1afca168702ff476391f1179095bb3d5a1a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sQccQOnc6Z+cxhsT+O34ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-sQccQOnc6Z+cxhsT+O34ow' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-sQccQOnc6Z+cxhsT+O34ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-sQccQOnc6Z+cxhsT+O34ow' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eae76cb616003cb3e918dfd9f58d63cc8e832aa9d11a9eda64b1476af57e746a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
131 B 30ms
30ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE2NTE1NjY0Mjk0ODcsInBhY2tldElkIjoiMDAwMDkwOUMtOTdkMTYyOTItY2I0Ny00NTM0LWI5MTgtOWRmODI1NzIxZDY3Iiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA1L2F2b3Nsb2NrZXItcmFuc29td2FyZS12YXJpYW50LXVzaW5nLW5ldy5odG1sIiwibW9kZSI6MSwiZXJyb3JDb2RlIjoxLCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpbeyJzZWN0aW9uSWQiOiI5NjdlY2ZhZC1iZjZiLTQyOWUtOWEzOS05NzcwYzhiN2QxODgiLCJzZWN0aW9uTmFtZSI6IkFQX1RfUl9yZXNwb25zaXZlWHJlc3BvbnNpdmVfOTY3ZWMiLCJzdGF0dXMiOjEsIm5ldHdvcmsiOiJhZHBUYWdzIiwibmV0d29ya0FkVW5pdElkIjoiQURQXzM3MDIwX3Jlc3BvbnNpdmVYcmVzcG9uc2l2ZV85NjdlY2ZhZC1iZjZiLTQyOWUtOWEzOS05NzcwYzhiN2QxODgiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjF9XX0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 May 2022 08:27:09 GMT
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
493 B 55ms
55ms XHR
text/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthehackernews.com%2F2022%2F05%2Favoslocker-ransomware-variant-using-new.html&pid=sJI2BRqfP5jYu&cb=0&ws=1600x1200&v=7.75.0&t=3000&slots=%5B%7B%22sd%22%3A%22ADP_37020_responsivexresponsive_00000001-7f340f1c-1ced-486f-b3a3-b1a82c3f3099%22%2C%22s%22%3A%5B%22730x290%22%2C%22728x280%22%2C%22728x250%22%2C%22728x90%22%2C%22690x90%22%2C%22690x250%22%2C%22690x280%22%2C%22675x90%22%2C%22675x280%22%2C%22675x250%22%2C%22670x90%22%2C%22670x280%22%2C%22670x250%22%2C%22650x90%22%2C%22650x280%22%2C%22650x250%22%2C%22650x150%22%2C%22630x90%22%2C%22630x280%22%2C%22630x250%22%2C%22602x100%22%2C%22600x90%22%2C%22600x280%22%2C%22600x250%22%2C%22580x90%22%2C%22570x90%22%2C%22550x150%22%2C%22468x60%22%2C%22336x280%22%2C%22320x50%22%2C%22320x100%22%2C%22300x50%22%2C%22300x100%22%2C%22300x75%22%2C%22300x250%22%2C%22250x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F103512698%2F22055424785%22%7D%5D&schain=1.0%2C1!adpushup.com%2Caeb138a66c47c1d438a8907993e81712%2C1%2C%2C%2C&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.210.175 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-210-175.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
via: 1.1 7abd55cee48606340f570b45718202b6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
x-amz-rid: 4A593B5X219Y9C1V2SS6
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://thehackernews.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: vXF2Td4iHBGUQmsrLjUQ87ewyqsiR58BXp-UPxFZpU7Lazj50ksNlQ==

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 122ms
39ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://thehackernews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 03 May 2022 08:27:08 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 960
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 87ms
38ms XHR
application/json 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220503

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1631637442652.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24778ef76bbb7f6b5503bf526d3334e8b7dd6f6da4d2c6805c83c15493e018d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19566
x-jsd-version: 1.0.1329
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19133-FRA, cache-cdg20777-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"668-1ZXieMyFAKPTHR/fkWFRx80PphY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buvaUj5ZkAbtbVY0T7yDI%2BPUgwZr95EAJ4uK4iTlMLD8ChrmP5JRi%2B2of6t7%2B%2FZDO9navca%2FaqOMIeUngvxNlRKJDbZfvPhHPv8IzHqLe8VGc0flEVnMz%2BS%2BYRcz73Al0zti2fq1KRyEeCvARgQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 70579da90e109b25-FRA
access-control-expose-headers: *

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=Y1j6UXxYMUJ0MXNRQlhlOG55VGtUOWF3TU95Skc0OU5FU3IrSjAwWnRaN0M0QXhrK3JieGFhVkZ4TXVWWGZOeW1rTGpPN0hUbWhFdERNTE9iR1QvVHBiMGJBUnFvUVl2bm5qWmtKZ3o2SmJvWnBiRHBMYzk0T0pxRms4cj...

356 B
623 B

153ms
52ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Y1j6UXxYMUJ0MXNRQlhlOG55VGtUOWF3TU95Skc0OU5FU3IrSjAwWnRaN0M0QXhrK3JieGFhVkZ4TXVWWGZOeW1rTGpPN0hUbWhFdERNTE9iR1QvVHBiMGJBUnFvUVl2bm5qWmtKZ3o2SmJvWnBiRHBMYzk0T0pxRms4cjBhaGZLc3R0V0NJRWpYdjFZTjZqZ09jeG91SWtFQVdidHh1VXNQZzArc01zSlFyYzZlRy9HNW10MllHOFRWMDF1QWhOUjdhcjQ0bDc4VjhGZWxDU3I2NWZFbWlCdHlSbWtBalA1Z3FSUmxOMEpGSFNHYVYwb21iTGQyZ25oZGFobjdrOXNSdVNGfA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

b0b0b90a567bf72dc2464fa920bec827944ee07b587c212f9f81468ccc4a7857

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 May 2022 08:27:09 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3010
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 03 May 2022 08:27:09 GMT
location: https://mug.criteo.com/sid?cpp=Y1j6UXxYMUJ0MXNRQlhlOG55VGtUOWF3TU95Skc0OU5FU3IrSjAwWnRaN0M0QXhrK3JieGFhVkZ4TXVWWGZOeW1rTGpPN0hUbWhFdERNTE9iR1QvVHBiMGJBUnFvUVl2bm5qWmtKZ3o2SmJvWnBiRHBMYzk0T0pxRms4cjBhaGZLc3R0V0NJRWpYdjFZTjZqZ09jeG91SWtFQVdidHh1VXNQZzArc01zSlFyYzZlRy9HNW10MllHOFRWMDF1QWhOUjdhcjQ0bDc4VjhGZWxDU3I2NWZFbWlCdHlSbWtBalA1Z3FSUmxOMEpGSFNHYVYwb21iTGQyZ25oZGFobjdrOXNSdVNGfA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1473
content-length: 509
expires: 0

POST
H3 204 AGSKWxUOu5SRcCHMG-wq-R0a26esVYNkL1ARnRPLIVBTlik0hNJI11KK6vBhK0GWGIKgYJVsuFQ6l34MYqwLZm83NsPk6WpOyeK4RjYBTxbir3abT7YRa_NYh4GbTGuYQmY-D-vsBe2mDNEt5Am39x5ldlbNcq9PJKxBnwSVFyzDy3cn8_QcZDF-dRu8OLuP Show response
fundingchoicesmessages.google.com/el/ 0
28 B 41ms
40ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUOu5SRcCHMG-wq-R0a26esVYNkL1ARnRPLIVBTlik0hNJI11KK6vBhK0GWGIKgYJVsuFQ6l34MYqwLZm83NsPk6WpOyeK4RjYBTxbir3abT7YRa_NYh4GbTGuYQmY-D-vsBe2mDNEt5Am39x5ldlbNcq9PJKxBnwSVFyzDy3cn8_QcZDF-dRu8OLuP?dmid=970e7566fd7b1e49

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorIabTcfV2ClientJs.de.0ATJuL1skxA.es5.O/d=1/rs=AJlcJMxMk6HBPMPDsjTow-SkxL80w3_uYQ/m=iabtcfv2wallscript

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-nlTLE5vuKnUXckMTdESDyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-nlTLE5vuKnUXckMTdESDyQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://thehackernews.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-nlTLE5vuKnUXckMTdESDyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-nlTLE5vuKnUXckMTdESDyQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxUOu5SRcCHMG-wq-R0a26esVYNkL1ARnRPLIVBTlik0hNJI11KK6vBhK0GWGIKgYJVsuFQ6l34MYqwLZm83NsPk6WpOyeK4RjYBTxbir3abT7YRa_NYh4GbTGuYQmY-D-vsBe2mDNEt5Am39x5ldlbNcq9PJKxBnwSVFyzDy3cn8_QcZDF-dRu8OLuP Show response
fundingchoicesmessages.google.com/el/ 0
28 B 76ms
76ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-UK2RA+e5dqZHJvIQou4dKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-UK2RA+e5dqZHJvIQou4dKg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://thehackernews.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-UK2RA+e5dqZHJvIQou4dKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-UK2RA+e5dqZHJvIQou4dKg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 60 KB
4 KB 157ms
38ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

50d12a14f7245d52135bfe7ac98df628b4aa815f03ce81c7c347d0277450197f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 03 May 2022 08:27:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 03 May 2022 08:27:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 03 May 2022 08:27:09 GMT

POST
H3 204 AGSKWxUOu5SRcCHMG-wq-R0a26esVYNkL1ARnRPLIVBTlik0hNJI11KK6vBhK0GWGIKgYJVsuFQ6l34MYqwLZm83NsPk6WpOyeK4RjYBTxbir3abT7YRa_NYh4GbTGuYQmY-D-vsBe2mDNEt5Am39x5ldlbNcq9PJKxBnwSVFyzDy3cn8_QcZDF-dRu8OLuP Show response
fundingchoicesmessages.google.com/el/ 0
29 B 42ms
42ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-oalsT5KTTCjmncfERwBXPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-oalsT5KTTCjmncfERwBXPw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 03 May 2022 08:27:09 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://thehackernews.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-oalsT5KTTCjmncfERwBXPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-oalsT5KTTCjmncfERwBXPw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v128/ 125 KB
125 KB 396ms
83ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v128/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f082f7fa9332a6055b254e19c987cc6f3a37b5ece6a1920978aaaa785d3df60b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://thehackernews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 19:26:25 GMT
x-content-type-options: nosniff
age: 478845
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127508
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:12:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Apr 2023 19:26:25 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 44 KB
44 KB 324ms
24ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://thehackernews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 22:45:07 GMT
x-content-type-options: nosniff
age: 553323
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 22:45:07 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 44 KB
44 KB 346ms
48ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://thehackernews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 22:45:07 GMT
x-content-type-options: nosniff
age: 553323
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 22:45:07 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 44 KB
44 KB 362ms
64ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://thehackernews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 22:45:07 GMT
x-content-type-options: nosniff
age: 553323
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 22:45:07 GMT

GET
H3 200 Q2-banner.png
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPD7SbMH8hVmk7eqMrN-axGAlI1Q4Iahlgu1f1EXaGIxOLoeYQORPRM-T7SzigGtlrUzMi7MEpjx-lUQ-uLRNSa0OnEBXnd53Fn2F0I-aqZiq2H4uaztN2x6E_A0M8aPxpbb9UjTpef1I_eTAC0... 31 KB
32 KB 40ms
39ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPD7SbMH8hVmk7eqMrN-axGAlI1Q4Iahlgu1f1EXaGIxOLoeYQORPRM-T7SzigGtlrUzMi7MEpjx-lUQ-uLRNSa0OnEBXnd53Fn2F0I-aqZiq2H4uaztN2x6E_A0M8aPxpbb9UjTpef1I_eTAC0hPdKxLtT5OjL5TyasVP4idyn5x0Rf_FUvYWWhLGAg/s728-e100/Q2-banner.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

088064dd05ae8be6102a1ebc9c2ad4e04b65b83ff00230e38c46d466455ef072

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13364
cf-polished: origFmt=png, origSize=48670
x-forwarded-for: 18.158.190.62
content-disposition: inline; filename="Q2-banner.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31902
x-xss-protection: 0
expires: Thu, 11 Aug 2022 04:44:26 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve35e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NFTlNMthCnmgFXKB8%2BM8TlXLjszarArILv%2F%2BYceTdDENcv2z%2Brz6P%2BH0Nlrbk9GbJJ3pTU%2F4JIYqgAOCBK30APB507KSHihTPE%2B2kx2xVCz85%2BWNkxjCBqXw9lC8NfowY3Qk1CCSlbSFhy%2Bz7IEm"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 70579dac4c47909a-FRA
access-control-expose-headers: Content-Length

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 343ms
51ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 03 May 2022 08:27:09 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1283
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 404 crowdsec-728.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj6zHdXd3qpCksF0nkMkrjsOzaw-cxZGPHWoTEp9y7VPIeyPBFGsmIyIX8NTkqI1IDqnIXYnsZuIh4rc9f8TNUn7ndAZqtXc-t58X2oueTaL4Ijb4hgH-b183QvQ0ienXIipuOsqeLP5b8I2prKm... 68 KB
68 KB 50ms
50ms Image
text/html 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj6zHdXd3qpCksF0nkMkrjsOzaw-cxZGPHWoTEp9y7VPIeyPBFGsmIyIX8NTkqI1IDqnIXYnsZuIh4rc9f8TNUn7ndAZqtXc-t58X2oueTaL4Ijb4hgH-b183QvQ0ienXIipuOsqeLP5b8I2prKmp0RWvdZQgnKehVRKbqRQpin1JgfwlZeE_IB4EmesQ/s1600/crowdsec-728.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca74c51b195cf87f448aca5401db513b4ab5baff9a67a8a8ced49ab05919a9d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 03 May 2022 08:27:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16006
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B9qSxIGV%2Fn5U0yf3I%2B7LAVxYsw5pAaj88%2F6yUieDoZ4oQknwJNZUULNfp05GHhAJhgzLn4WjjXa5DH%2BxCvu%2BjiwjH0tD0RrfkdHVq5ipp8gvRv44HG%2B2%2B4vmYvC%2BDHYgmm9JoEmuLny3BR05FbhB"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-ray: 70579dad5d6e909a-FRA
expires: Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.thehackernews.com/	1970-01-22 13:11:59	Name: _ga Value: 4592c724-9e5c-42e9-98df-cfdea3c63128
thehackernews.com/	1970-01-20 03:29:18	Name: _pbjs_userid_consent_data Value: 3524755945110770
.thehackernews.com/	1970-01-20 03:29:18	Name: _pubcid Value: 4a58a723-1f2f-486b-97ae-338125bdc6b2
thehackernews.com/	1970-01-20 12:07:42	Name: cto_bidid Value: t7ELuF9LcyUyQnl0aGZ6MERMalA1ayUyQm53R3phZlVwbWhYMmhBJTJGOWFWVllpTXVPbWU3cVBhV3JHMGhLR3lYT3pOc21NY1JLVDdBdXcwZERsN0xRb3lJQTdhU240dyUzRCUzRA
thehackernews.com/	1970-01-20 12:07:42	Name: cto_bundle Value: xY3ZpV9QNCUyRkkxUmZQT3N3Z1BEVERqMVl0cnNPNHp6ZkJxM1VHUm14ZDFoN0J0ZHM0NjhnWnBydzFkcjB5NkxSeFNSJTJGdks0THdpcjJWMlUlMkJpZmslMkJROVZLdFkyVFRaNTN0RWtjJTJCc3daaXNDMnIxanNZNGU3M0hZM25rejhaZWo0emElMkJyaQ

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj6zHdXd3qpCksF0nkMkrjsOzaw-cxZGPHWoTEp9y7VPIeyPBFGsmIyIX8NTkqI1IDqnIXYnsZuIh4rc9f8TNUn7ndAZqtXc-t58X2oueTaL4Ijb4hgH-b183QvQ0ienXIipuOsqeLP5b8I2prKmp0RWvdZQgnKehVRKbqRQpin1JgfwlZeE_IB4EmesQ/s1600/crowdsec-728.jpg Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aplogger.adpushup.com
c.amazon-adsystem.com
cdn.adpushup.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
e3.adpushup.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
gum.criteo.com
mug.criteo.com
pagead2.googlesyndication.com
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
thehackernews.com
142.250.181.226
178.250.2.146
2001:4de0:ac18::1:a:2a
23.97.225.52
2600:9000:223e:0:6:44e3:f8c0:93a1
2606:4700:20::ac43:4615
2606:4700:4400::ac40:99f7
2606:4700::6810:5514
2606:4700::6811:190e
2620:116:800d:21:ee05:6a01:4b41:8c89
2a00:1450:4001:801::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2002
2a00:1450:4001:830::200e
2a00:1450:4001:831::2003
2a02:2638:1::13
51.124.210.81
52.222.210.175
019d22d3e70ec460a085db138f131a9d77cb25175dd7eecb155305c270ed221c
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
088064dd05ae8be6102a1ebc9c2ad4e04b65b83ff00230e38c46d466455ef072
0b8a17793a0291b59ff3b8553ec9fe1d3cccc8cf1b482a408184d3a2f4d1405f
13f1878fabdff05f47a87ea13c69587873e49579185df0fa40a3fe150b59600b
14bad6303b408069031c463d959b8a16cd25645a4bdbcf7146391b871e3e3a83
15e22ed60f494e473c8c8df804157465b9a7606101b2d36aa2ef750d2b12c707
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
24778ef76bbb7f6b5503bf526d3334e8b7dd6f6da4d2c6805c83c15493e018d1
26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16
3125bf0377e63d9fed7cca67e15bb46973fbb2b970353a5f23bd0676c247ab34
34e30ea0ea7173d22b74606721cabad823eeed1fce47ea513d226d08863df02e
3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff
41f36457d5ec5bd7d115c29bea53e0d1ff77de7418837ef39e897f3b7d497e8a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
475eec7f9197ce6aa2e7921122d5b97bde381cf90cc8626360f3d1c490ed1bbe
50d12a14f7245d52135bfe7ac98df628b4aa815f03ce81c7c347d0277450197f
6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1
67ed095adc8c503eb73d3ba0c2c8ee76016ce92aca956d133f6ce8ccdc772790
688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c
7339fe12f332ac7ecd6e0ef04bb7a48fad9e74be887d67f458548ff33ea4db65
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
976923d90016cb34d72690198dd87a33a3344e07c3d7aea413356b01cab31ccd
982d419a646ee8233580681b4347dbe0c9e889871ba885b9a8030008e84dd4d7
993bfa65bf339a219338e2e8bb37950b8fa1e0b6a59a9d98fcb58dcd548b3e10
a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a
a80d0deb7261670ebb8132f4bfdf3f4efae3f6071cbb663c322ccdfcf769557f
b0b0b90a567bf72dc2464fa920bec827944ee07b587c212f9f81468ccc4a7857
b6285dce6b9fb557bd0c15683c62f9be0f2e0b760086854b59c952791ba9e8ae
b64123526da963fbec0f7acc2f7fb1afca168702ff476391f1179095bb3d5a1a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bdf4a2aff574ee0307e42499c86d7f267e6b25db893e77e79329b042f9f16d87
c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690
c991c17b9488f187e5d24db3bda532715a71bc74026a44efe1fcb59eeaf0d2c8
ca74c51b195cf87f448aca5401db513b4ab5baff9a67a8a8ced49ab05919a9d5
cc3fe5069ab4b1668c87829522f3631771df5fa7de5e086dcf32b89066077042
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d99c0a1f45effed75ec4bc8efdbf0df38dc1b3824a2d9d033736410e1d423a44
dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae76cb616003cb3e918dfd9f58d63cc8e832aa9d11a9eda64b1476af57e746a
f082f7fa9332a6055b254e19c987cc6f3a37b5ece6a1920978aaaa785d3df60b
f3410135bfdb9641bb550b1acfa8a3c22b6869acb13ca264de90d916a2f869de
f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

thehackernews.com Open in urlscan Pro 2606:4700:20::ac43:4615 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

53 Requests

96 %HTTPS

72 %IPv6

14 Domains

18 Subdomains

19 IPs

4 Countries

1316 kBTransfer

3148 kBSize

5 Cookies

37 Outgoing links

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

thehackernews.com Open in urlscan Pro
2606:4700:20::ac43:4615 Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

96 %
HTTPS

72 %
IPv6

14
Domains

18
Subdomains

19
IPs

4
Countries

1316 kB
Transfer

3148 kB
Size

5
Cookies

53 HTTP transactions
8 data transactions